Light
|
|
April 22, 2014, 06:53:36 AM |
|
I just went there, just now.
bitaddress.org
After the mouse and keyboard random input, the easiest way to generate compressed keys is to go to the Bulk Wallet tab, and click on Compressed Addresses, then hit Generate.
Compressed private keys begin with the letters K or L.
Personally, I prefer using vanitygen to create a lot of keys, it's much faster than the javascript version.
Ah ok, thanks. A bit off-topic but I've heard that compressed keys may lead to smaller tx sizes and hence helps to reduce possible fees and blockchain block? Is this true and if so why?
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
April 22, 2014, 08:03:43 AM |
|
Ah ok, thanks. A bit off-topic but I've heard that compressed keys may lead to smaller tx sizes and hence helps to reduce possible fees and blockchain block? Is this true and if so why?
Compressed keys take up less space in the blockchain, therefore the transaction can be smaller. There is a detailed explanation on how this works. As an example, you have a bunch of unspent outputs on a bunch of different non-compressed addresses, which if you send them all in a transaction will take up 2000 bytes. Had those exact same unspent outputs been on compressed addresses, the transaction size would be about half the size, or 1000 bytes. Transaction fees are based on the size of the transaction, not on the amount. More info in the following links:
https://www.google.com.ph/search?q=compressed+bitcoin+keys
http://bitcoin.stackexchange.com/questions/3059/what-is-a-compressed-bitcoin-key
https://bitcointalk.org/index.php?topic=129652
|
|
|
|
pf
|
|
April 22, 2014, 08:30:10 AM |
|
I have a noob question:
When I save the website to a file and open that file in my browser in offline mode, I don't see the "initial mouse screen" anymore. It goes straight to the main website. Why?
However, I still get the green dots when I mouse move on the regular page. But I get no initial page that prompts me to move the mouse.
What should I do about this?
|
|
|
|
Light
|
|
April 22, 2014, 08:53:10 AM |
|
I have a noob question:
When I save the website to a file and open that file in my browser in offline mode, I don't see the "initial mouse screen" anymore. It goes straight to the main website. Why?
However, I still get the green dots when I mouse move on the regular page. But I get no initial page that prompts me to move the mouse.
What should I do about this?
Did you save the file as 'Webpage HTML only' and if so which browser are you using? Thanks, I've been using compressed keys for a while on that basis but I wasn't exactly too sure whether it was right. On the topic of fees (a bit off-topic again) have they been reduced to 0.00001 from 0.0001 and if so has this change been accepted by both the nodes and the miners?
|
|
|
|
danieldean
Newbie
Offline
Activity: 11
Merit: 0
|
|
April 22, 2014, 07:52:53 PM |
|
The background image for the art on the paper wallet is public domain; it was sourced from a contest run by casascius on this forum. So I believe no attribution is required. Feel free to distribute your tool.
I have received some requests in the past about re-creating a paper wallet with a known key. At this moment I do not have any plans to implement that functionality, I may change my mind in the future.
Thanks for getting back to me. What I have is now published at www.bitreplace.org and on GitHub. Hopefully it will be useful. I will try to improve it so it can derive the bitcoin address and QR Codes given a private key in the future but HTML, CSS and JS are new to me for now!
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
April 23, 2014, 01:31:19 AM |
|
why does this:
cypher@cypher:~/Desktop$ sha1sum bitaddress.org.html
2d139339eaf0d1884436c316525e2f89d7249d45 bitaddress.org.html
not match this:
2014-04-15: status ACTIVE
bitaddress.org-v2.9.0-SHA1-6e9ae5c64d510b53fa39e36a3017d5342b838984.html
- Split Wallet: Shamir's Secret Sharing for a Bitcoin private key. Thanks to Jeff Weiss.
For the sake of paranoia if you still have the file that returned the bad hash can you do a diff and look for anything suspicious? If you did save the page as "web page complete" by accident there should be obvious signs. Also, if there was something malicious in the file you received it should jump out by doing a diff.
I got the raw code from github and did a Save Page As like I always do. Unfortunately I already deleted that file obviously.
After the 2.9.0 release I merged in some other commits. You need to save the commit which has v2.9.0 in the commit message/comments. Sometimes github is ahead of the website because I'm working on commits for the next release. So, be sure to double check the commit message for the version number.
Here is the url to the raw html for v2.9.0 from github it is with UNIX line endings
https://raw.githubusercontent.com/pointbiz/bitaddress.org/27aedc4fb8768bd19d623e80d6af3a43cdb47bb9/bitaddress.org.html
sha1sum = e2eca3335e9483fac7276ccee569469194e00605
v2.9.0 on bitaddress.org was signed with DOS line endings
https://www.bitaddress.org/bitaddress.org-v2.9.0-SHA1-6e9ae5c64d510b53fa39e36a3017d5342b838984.html
sha1sum = 6e9ae5c64d510b53fa39e36a3017d5342b838984
You downloaded this version from github which is 2 commits after v2.9.0 but before v2.9.1 was released.
https://raw.githubusercontent.com/pointbiz/bitaddress.org/351a8df3f4f052333398cd97b70bad9ad7650ba0/bitaddress.org.html
sha1sum = 2d139339eaf0d1884436c316525e2f89d7249d45
Github for Windows converts line endings to DOS when I sync which accounts for the mistake of releasing v2.9.0 signed to the website with DOS line endings.
From both Github for Windows and Visual Studio DOS line endings keep creeping back in, if someone has a solution for that on Windows, especially using Visual Studio I would appreciate a suggestion.
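Added example, not part of the original post or of the bitaddress.org project: a check that separates a line-ending-only hash mismatch (the DOS versus UNIX case described above) from a real content difference. The function names and the sample page are constructed for illustration; only the `-SHA1-<hash>.html` filename convention comes from the thread.

```python
import hashlib
import re

# Release-file naming seen in the thread: <name>-SHA1-<40 hex digits>.html
NAME_RE = re.compile(r"-SHA1-([0-9a-fA-F]{40})\.html$")


def sha1_from_filename(name):
    """Return the SHA-1 embedded in a release filename, or None if absent."""
    m = NAME_RE.search(name)
    return m.group(1).lower() if m else None


def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()


def to_lf(data):
    """UNIX line endings: every CRLF becomes LF."""
    return data.replace(b"\r\n", b"\n")


def to_crlf(data):
    """DOS line endings: normalise to LF first so existing CRLF is not doubled."""
    return to_lf(data).replace(b"\n", b"\r\n")


def diagnose(data, expected_sha1):
    """Classify a downloaded file against the published hash.

    'match'            : bytes are exactly what was published
    'match-after-crlf' : identical content, published copy used DOS endings
    'match-after-lf'   : identical content, published copy used UNIX endings
    'mismatch'         : content differs (other commit, 'web page complete'
                         save, or tampering); this is when a diff is needed
    """
    expected = expected_sha1.lower()
    if sha1_hex(data) == expected:
        return "match"
    if sha1_hex(to_crlf(data)) == expected:
        return "match-after-crlf"
    if sha1_hex(to_lf(data)) == expected:
        return "match-after-lf"
    return "mismatch"


# Constructed sample: a tiny page saved with UNIX endings, while the
# "release" filename carries the hash of the DOS-ending copy.
SAMPLE_LF = (b"<html>\n<head><title>sample</title></head>\n"
             b"<body>constructed test page</body>\n</html>\n")
SAMPLE_RELEASE_NAME = "sample-v0.0.0-SHA1-%s.html" % sha1_hex(to_crlf(SAMPLE_LF))

if __name__ == "__main__":
    published = sha1_from_filename(SAMPLE_RELEASE_NAME)
    print(diagnose(SAMPLE_LF, published))                # line endings only
    print(diagnose(SAMPLE_LF + b"<!-- x -->\n", published))  # real difference
```

To check a real download, read the file in binary mode (`open(path, "rb").read()`) so the platform does not translate line endings before hashing.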
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
April 23, 2014, 02:46:00 AM |
|
thanx. good to know i'm not hallucinating. how do you run a diff?
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
April 23, 2014, 03:04:17 AM |
|
thanx. good to know i'm not hallucinating.
how do you run a diff?
I use KDiff3; it integrates well with Windows. Select two files from Windows Explorer, right click, then select KDiff->Compare.
http://kdiff3.sourceforge.net/
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
April 24, 2014, 11:59:45 PM |
|
I like the feature that allows me to enter 99 dice rolls to generate a truly random address, but it is lacking the ability to encrypt the keys with BIP38 and so leaves the paper wallet vulnerable to physical theft. How hard would it be to allow BIP38 encryption on the 'details' tab? It seems I currently have to choose between allowing bitaddress to generate the randomness or having my paper wallets unencrypted. Please let me use true randomness and encryption at the same time.
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
April 25, 2014, 04:08:11 AM |
|
I agree with your suggestion; there needs to be a way to do that. I think I've been trying to keep the wallet details tab about viewing stuff about a key you already have, instead of making a key. Although, I'm not sure I really stuck to that. So I could add a checkbox and input field for people who want to see the BIP38 for the key they enter with whatever passphrase they choose and they probably want to generate a QR code for that.
For a more complex solution but hopefully a better UI I'm trying to brainstorm a way where some of the tabs like Paper Wallet, Bulk Wallet, Brain Wallet have a merged/unified UI. Where there would be a default RNG type but allow you to change RNGs, actually more like key generation methods. Because if you provide 99 dice roll entropy you don't need an RNG.
Multiple key generation methods:
1) The current bitaddress/ArcFour/TomWu mouse/key entropy XOR'd with hardware randomness based generator "ECDSA.getBigRandom(n) / SecureRandom".
2) One that Casascius described in this thread which was roughly SHA256(seed + human text input + incrementor) = key. Display "seed + human text input + incrementor" next to each private key (when in this mode) so that user can verify (at any time) that his WIF key was derived from a source that included the "human text input".
3) B6 Dice wallet key "new BigInteger(input, 6)". Would need to add some incrementor so you could use it as a seed for a bulk wallet.
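Added example, not bitaddress.org code: a Python sketch of methods 2 and 3 from the list above, carried through to the WIF string, showing the range check against the secp256k1 group order and the compressed-key flag that yields the K/L prefix mentioned earlier in the thread. Assumptions: dice digits are typed as 0-5, method 2 uses plain string concatenation with a decimal counter, and all function names are hypothetical.

```python
import hashlib

# Order of the secp256k1 group: a usable private key k satisfies 1 <= k < N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check(payload: bytes) -> str:
    """Append a 4-byte double-SHA256 checksum and encode in Base58."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + out


def check_range(k: int) -> int:
    """Reject 0 and anything at or above the group order."""
    if not 1 <= k < N:
        raise ValueError("value is not a valid secp256k1 private key")
    return k


def key_from_dice(digits: str) -> int:
    """Method 3: read 99 base-6 digits as one integer, like BigInteger(input, 6).

    6**99 is below N, so every 99-digit input except all zeros is in range.
    """
    if len(digits) != 99 or set(digits) - set("012345"):
        raise ValueError("expected exactly 99 digits in the range 0-5")
    return check_range(int(digits, 6))


def key_from_text(seed: str, text: str, counter: int):
    """Method 2: key = SHA256(seed + text + counter).

    Returns (preimage, key) so the preimage can be shown next to the key and
    re-hashed later to confirm the human text went into the derivation.
    The key is only as unpredictable as the seed (concatenation is assumed).
    """
    preimage = f"{seed}{text}{counter}"
    digest = hashlib.sha256(preimage.encode("utf-8")).digest()
    return preimage, check_range(int.from_bytes(digest, "big"))


def to_wif(k: int, compressed: bool = True) -> str:
    """Wallet Import Format: 0x80 || 32-byte key || optional 0x01 flag."""
    payload = b"\x80" + check_range(k).to_bytes(32, "big")
    if compressed:
        payload += b"\x01"  # flag byte is what makes the WIF start with K or L
    return base58check(payload)


if __name__ == "__main__":
    rolls = "0" * 98 + "1"          # constructed input, NOT random: key == 1
    k = key_from_dice(rolls)
    print(to_wif(k, compressed=False))
    print(to_wif(k, compressed=True))
    print(key_from_text("constructed-seed", "my text", 0)[0])
```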
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
April 25, 2014, 05:39:44 AM |
|
Thanks, I've been using compressed keys for a while on that basis but I wasn't exactly too sure whether it was right. On the topic of fees (a bit off-topic again) have they been reduced to 0.00001 from 0.0001 and if so has this change been accepted by both the nodes and the miners?
Bitcoin 0.9 introduced reduced minimum relaying fees. So 0.9 nodes will relay a transaction with a fee as low as 0.00001, but the miners will not yet include it in a block. When 0.9.2 or higher maybe comes out, the fee will probably be reduced then.
|
|
|
|
birr
|
|
April 26, 2014, 05:50:35 PM Last edit: April 27, 2014, 12:53:58 PM by birr |
|
Could you possibly make a wallet using a deck of cards? There are an insane amount of combinations possible, and you could at least just make a brainwallet by putting in the cards in order. Then you can just keep the deck in that order to save it.
52 different cards, thoroughly shuffled, and I mean thoroughly, would get you 225 bits of entropy. More than you really need for a secure key.
Let's say you chose twenty cards randomly from a full deck of 52, and throw away the leftover cards. Now you have twenty objects chosen randomly from a set of 52. Adopting the strategy in your post, we preserve the order of the cards -- so we can treat this as an ordered set. There are 52 possibilities for the first card, 51 possibilities for the second card, and so on. So the number of possible twenty-card ordered decks is 52 factorial divided by 32 factorial. (Assuming complete randomness in the selection.) If you have a thoroughly shuffled 52 card deck, you can just take the top twenty cards, in order, and go with that.
Type "52!/32!" (without the quotes) in the Google search box and it tells you the answer is 3.065 x 10^32. This is the entropy, but you want it expressed as a power of two, so
2^x = 3.065 x 10^32
solving
x = 107.9 bits of entropy
That's generally accepted as enough passphrase strength for today's computers and some decades into the future. If you want a stronger password use more cards and recalculate. If you add just one more card, it will garner you exactly 5 bits more entropy, because it is chosen from exactly 32 leftover cards, and 2^5=32. Thus 21 cards gives 112.9 bits of entropy. Each card you add after that will add entropy, but not as much.
Okay, that covers the math, the next question is how do you convert a deck of cards into a passphrase. You could convert the ordered cards into a base58 string by assigning a letter or number to each card in any way that seems logical to you, using 52 symbols out of the base 58 set. You convert that string into a key by treating it as your passphrase. Of course you have to record the numbering scheme you used and store that somewhere, if you ever want to regenerate the passphrase.
So you have to keep the deck and a list of the letters and numbers you assigned to the cards. Also, you have to know which end of the deck you're counting from. It would be less work just to write down the passphrase. So what advantage would you get from using a deck of cards? Keep the cards in one location and the symbols list in another location, I suppose... Mostly, the utility comes from the ability to get a random string by shuffling cards. The actual storing of the passphrase is another issue that might be solved more effectively by some other method than holding a deck of cards.
|
|
|
|
birr
|
|
April 26, 2014, 10:00:21 PM Last edit: April 26, 2014, 10:12:11 PM by birr |
|
I would make a brain wallet using cards like this:
Take a pack of cards and a sharpie. Go through the deck and on each card write one symbol from the base58 list, which you can find here:
https://en.bitcoin.it/wiki/Base58Check_encoding
(That list leaves out zero and capital O, and it leaves out capital I and small l (ell), helping to avoid confusion.) You won't use up all the symbols in the list, but that's ok.
Riffle shuffle the deck a dozen times or more, you want to completely randomize it. Take a stack of about 20 to 24 cards from the shuffled deck, depending on how much entropy you think you need (see previous post).
Go get a piece of paper and pen. Then turn over the cards one by one and write down each letter and number in sequence. This is your passphrase, which you need to type into your offline bitaddress utility to generate the WIF private key and bitcoin address for your new wallet. Best practice is to use a live cd or usb with the bitaddress html stored on it, and your machine's wifi turned off.
To save your passphrase, you can keep the deck and make sure the cards don't get mixed up, but it's easier to keep the piece of paper you wrote the passphrase on and forget about the cards. I think it's safer too, because with a stack of cards there's always the risk of dropping them and getting them mixed up.
Re: live usb. If you make a live usb that's non-persistent, you can still put the bitaddress html on it. Just plug the usb into a machine that's already booted up and save a file with the html code in the root directory. Then when you boot from the live usb, there should be a directory with the html code in it. On my ubuntu live usb, it appears in a directory called CD, or CDRom, something like that.
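Added example, not from the posts: the entropy arithmetic from the two card posts above, generalised to any number of cards, with a check for a transcribed passphrase (a repeated symbol cannot come from cards that each carry a different symbol) and the dice figure for comparison. Function names and the sample passphrase are constructed; a perfectly shuffled deck is assumed.

```python
import math

BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
DECK = 52


def ordered_draw_bits(k, deck=DECK):
    """Entropy of k cards taken in order from a shuffled deck: log2(deck!/(deck-k)!)."""
    if not 0 <= k <= deck:
        raise ValueError("cannot draw that many cards")
    return math.log2(math.perm(deck, k))


def cards_needed(target_bits, deck=DECK):
    """Smallest number of cards reaching target_bits, or None if a deck cannot."""
    for k in range(deck + 1):
        if ordered_draw_bits(k, deck) >= target_bits:
            return k
    return None


def dice_bits(rolls):
    """Entropy of independent fair six-sided die rolls."""
    return rolls * math.log2(6)


def check_transcription(passphrase, deck=DECK):
    """Validate a passphrase copied from uniquely labelled cards.

    Each card carries a different base58 symbol, so a repeated or non-base58
    character means a copying mistake. Returns the entropy in bits of a draw
    of that length.
    """
    stray = sorted(set(passphrase) - set(BASE58))
    if stray:
        raise ValueError("not base58 symbols: %r" % stray)
    if len(set(passphrase)) != len(passphrase):
        raise ValueError("a symbol repeats; cards are drawn without replacement")
    return ordered_draw_bits(len(passphrase), deck)


if __name__ == "__main__":
    for k in (20, 21, 24, 25, 52):
        print(k, "cards:", round(ordered_draw_bits(k), 1), "bits")
    print("cards for 128 bits:", cards_needed(128))
    print("cards for 256 bits:", cards_needed(256))   # None: one deck tops out
    print("99 dice rolls:", round(dice_bits(99), 1), "bits")
    sample = "7kQ2mZx9RtB4hWcN5sYd"   # constructed 20-symbol example, do not use
    print(round(check_transcription(sample), 1))
```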
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
April 26, 2014, 10:52:42 PM |
|
How would you equate this with the dice roll method in the Wallet Detail tab of the html utility?
|
|
|
|
birr
|
|
April 27, 2014, 12:38:44 PM Last edit: April 27, 2014, 12:52:11 PM by birr |
|
How would you equate this with the dice roll method in the Wallet Detail tab of the html utility?
In principle, no difference. But when the average person takes a deck of cards and gives it a few shuffles, the deck may have some residual order. I don't think a fair die exhibits the same potential weakness. Physical intuition tells me that as long as the die bounces a few times before settling down, the result is essentially unpredictable. So in this respect, cards may be the weaker choice.
Having said that, I still think that cards are quite adequate for generating entropy, as long as you know what you're doing. Start by reading the wikipedia page on card shuffling:
http://en.wikipedia.org/wiki/Shuffling
I find this sentence particularly interesting: "seven shuffles of a new deck leaves an 81% probability of winning New Age Solitaire where the probability is 50% with a uniform random deck"
Considering the sophistication of hackers and the computing power at their command, having any residual pattern to the arrangement of the cards poses a risk. If cards become a commonly used technique for generating passphrases, the hackers will know about it and tailor their cracking techniques to any pattern known to result from weak shuffling. Therefore good shuffling is critically important.
I don't limit my shuffling to riffles. I also use an overhand shuffle where I hold the deck in my right hand and slide a few cards at a time off the top of the deck into my left hand. This is a very easy shuffle. I guess a dozen overhand shuffles alternating with a dozen riffles would do it, but considering how easy and quick it is to shuffle a deck of cards, it wouldn't hurt you to do more. Each passphrase only uses a couple of dozen cards, so you can generate two passphrases from a shuffled deck.
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
April 27, 2014, 01:53:52 PM |
|
Thanks. I find it interesting that in this day of the digitalization of money, we find ourselves resorting to physical means for maximum security, ie, RNGs and paper wallets.
|
|
|
|
smoothie
Legendary
Offline
Activity: 2492
Merit: 1474
LEALANA Bitcoin Grim Reaper
|
|
April 28, 2014, 05:03:35 AM |
|
How is a RNG a physical means for maximum security? Am I missing something?
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
April 28, 2014, 06:44:06 AM |
|
Normally they aren't but with the recent vulnerabilities in PRNGs seen in the Android and DRBG curve and potentially in other hardware with the NSA revelations, here we have people turning to dice and card shuffling as the optimum and safest means to generate random seeds.
|
|
|
|
|